CVE-2014-8169
First published: Fri Feb 13 2015(Updated: )
automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home directory.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Enterprise Linux Desktop | =6.0 | |
| Redhat Enterprise Linux Hpc Node | =6.0 | |
| Redhat Enterprise Linux Server | =6.0 | |
| Redhat Enterprise Linux Workstation | =6.0 | |
| Automount Project Automount | =5.0.8 | |
| openSUSE openSUSE | =13.1 | |
| openSUSE openSUSE | =13.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1192565#c2
- https://access.redhat.com/support/policy/updates/errata/
- https://rhn.redhat.com/errata/RHSA-2015-1344.html
- https://rhn.redhat.com/errata/RHSA-2015-2417.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1192565
- http://lists.opensuse.org/opensuse-updates/2015-03/msg00033.html
- http://rhn.redhat.com/errata/RHSA-2015-1344.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.securityfocus.com/bid/73211
- http://www.ubuntu.com/usn/USN-2579-1
- https://bugzilla.suse.com/show_bug.cgi?id=917977
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-8169
- vendor/redhat
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/6.0
- canonical/redhat enterprise linux hpc node
- version/redhat enterprise linux hpc node/6.0
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/6.0
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/6.0
- vendor/automount project
- canonical/automount project automount
- version/automount project automount/5.0.8
- vendor/opensuse
- canonical/opensuse opensuse
- version/opensuse opensuse/13.1
- version/opensuse opensuse/13.2